Proofpoint Security Awareness Training

Formerly Wombat Security

Proofpoint Awareness Training brings a lot of ready to go modules for improving security knowledge.

Proofpoint Awareness Training modules are playful and fun.

It is possible to make your own questions and test modules.

It would be easier for our administrators if they could upload a bulk of their own questions via CSV or something like that.

Own Questions with multiple answer possibilites would be nice.

One of the most important things it does well is providing support from day one. The team is very friendly, knowledge and quick to help where need be. One of the reason's why we choice Proofpoint over other leaders in the Gartner Magic Quadrant for Security Awareness Computer-Based Training was because of its team.

Being a Proofpoint customer, Proofpoint Security Awareness Training's Phishi Alarm & Analyzer integration with Proofpoint tool's such as TRAP allowed us to use automation to help protect the company. The ability to turn all employees into part of the IT Security team, by reporting phish with a button in outlook and then to pull back out of all employees email if condemned, is very powerful. We are looking forward to what is to come as this relationship deepens.

It has a comprehensive set of resources and tools to help support a Security Awareness Program. It is nice to be able to work with one company who does many things well vs multiple partners for different aspects of Security Awareness Training.

The lack of a user rating on "cyber risk" is proving to be an immense difficulty. As we are looking at how to better hold our employees accountable as well as provide increased learning opportunities for those who need it most, it is becoming cumbersome--especially given the fact this is starting to become the standard for Security Awareness companies. The lack of this is resulting in a manual process vs being able to automate and moderate, thus taking up time and resources, which are always at a scarcity. It can also be cumbersome to look across the tools to see how a particular user is doing, vs being able to view all of their data in one space.

If you are a marketer, the editors for the Phishing Templates and Teachable Moments are quite frustrating. They feel out of date and clunky, as well as not featuring an auto-save, so you could lose the templates you are building. At this point, I have actually started to work in other email creation editors and learning HTML, to better customize and then moving all of the code into the editor. It has thus far proven to be less of a headache. I also do not believe the average user is working on branding their program, creating consistency for easy of navigation, and including additional resources in their teachable moments in the way we currently are. However, as more social science backgrounds continue to enter security awareness, I believe this will move towards the norm.

Some of the reporting numbers for Simulated Phishing could be better. For example, telling me how many people acknowledged the teachable moment out of the full email campaign is less meaningful than knowing how many people acknowledged it, from those who actually triggered/were shown the teachable moment.

Good support (from Mr. Kurt Werner)

Polite communication

Good price

Bulk management of users is very complicated and unclear

The overall systems are lacking integrated instructions

Variety of training modules

A wide selection of materials

Nothing I can think of

Brings a high level of awareness to our people who are the last line of defense.

Training materials/videos are good and do not take a lot of time.

Easy to use and setup.

Some reporting in Exchange 2013 and older do not always report users actions.

Adding user groups take a bit of time.

Proofpoint makes access to training simple. Each user receives an email at the start of the training campaign that contains a unique link to their assigned training. Users do not have to have a password to access the training.

Proofpoint's training modules are unique and designed to involve the user without allowing them to ignore the training. They do this by not using audio or videos, keeping the topic and text simple, styling graphics to aid in displaying timely information, and require some but not excessive interaction.

The ThreatSim phishing platform is excellent. They have a lot of templates to use but also allow customization.

Though the training is well designed, I have found some of my users are able to click inattentively through the training. The quizzes in some senses are too easy. Some of the questions they answer are too obvious even if you didn't pay attention to the training.

Scheduling training in advanced could be easier. Their platform does not have any "overview" of all scheduled training, a feature that would greatly aid my scheduling efforts. You have to click over to ThreatSim to see your phishing campaigns. You have to click into the Training section to see your schedule training. Having a simple feature that would show everything scheduled in a list or calendar view, where you could view a week, month, quarter or year of schedule activities would make scheduling a lot easier for me.

The platform is expensive. We only have 10 users and are paying $2500. It is my understanding this is their minimum and we could have a couple of hundred users. Small businesses need training too.

Threat simulation

Assessment exams

Examples

Ability to select any training after an assessment

Design an entire program including threat sim, training, and assessment

Notifications

Short and sharp awareness modules.

Possibility to FULLY customize the training modules (new feature in the latest release).

Very well received by users.

Reporting can be a challenge.

Including the 'people manager' in reminder emails is missing.

Many user enrollment options exist. An API would be welcome to automate user enrollment for organizations where directory sync doesn't work. Currently, these are limited to 'bulk uploads.'

Phishing exercises

Information security training

User management could be better

A wide range of training modules in 30+ languages.

Great support staff.

A wealth of templates to choose from.

Options for tailor-made tests.

More automation in performing tests, less manual work.

Problem shooting in case assignments cannot be started or completed.

More flexible time schedules for assignments.

Training is quick and easy to digest.

Training is presented in a mobile-friendly manner.

Information provided within the training provides value to employees' personal and work life.

Reporting is cumbersome at best. It is not easy to paint a good picture of the value gained by having employees complete awareness training.

Teaches users how to look over email before they click on any link or attachment. Shows them how to recognize suspicious emails by noticing misspellings, bad grammar and sentence structure.

Our users are quick to send us what they receive to get verification as to its legitimacy before clicking links or opening attachments.

Most know how to hover over the link to see where it really takes them.

Some of the training material templates contain language that is not suitable for our culture such as "you could lose your job". We would not punish our folks that way if they accidentally clicked a link that could compromise our system. We have had ransomware in the past that was done without intent and we would not fire anyone for this. This is just our culture.

The online training modules are interactive and use real-world scenarios to show how threats can reach everyone.

The modules ensure understanding of concepts before you can move on.

The modules are varied in content, covering many aspects of Cybercrimes - from phishing and social engineering to Physical Security and PII.

Proofpoint also provides (as an option) videos and posters to further enhance awareness of potential threats.

Customer service is responsive when needed and having access to the Wombat online community platform allows ideas to be shared among users.

The platform provides options for many different reports (with some customization options), however, there are reports that I would want that are not available.

Adding new staff (we have a lot of turn-over) into an existing training plan can be cumbersome for the system administrator. Although End-User Sync can be set-up to "add" new users to the system, the new users still need to manually be added to the assignments and sent past assignments to complete. (NOTE: this was made more difficult because of our decision to implement a training plan the way we did).

Some of the ThreatSim campaigns (simulated phishing or malicious attachment emails) will only work if you are using their PhishAlarm plug-in (add-on button for Outlook, etc. for users to easily report suspected threats). Our users access email by iPhones, Android, iPads, PCs, and Macs. PhishAlarm cannot be used for all of these platforms.

Ability to create personalized phishing emails in addition to the templates.

Good strong tracking abilities in order to see which users clicked and for what campaign.

A large variety of phishing templates and domain names to choose from, so our users never get too familiar with what might be coming!

The PDF/HTML attachment campaigns have limited ability to be customized. It would be more helpful if we could add phishing links inside the pdf attachments.

The HTML builder for the custom templates seems a bit limited.

Additional types of phishing emails would be a nice addition.

Easy to navigate - Users had complaints about our previous security training as being hard to navigate.

Short and to the point - The training material is short and to the point. There are not 1000 words to read and then answer a lengthy quiz at the end. The material and the questions and answers are tightly integrated to keep the user engaged the whole time (5 - 10 minutes).

Relevancy - The material is relevant to the company and to their personal lives. For example, the training material regarding password managers spurred an interest in our employees to contact us to sign up for the corporate password manager.

Based on our current needs, user feedback, and using other solutions previously, we like the ProofPoint training material the best thus far. The ability to continue refreshing the content to make it fresh and changing the user interactions (to keep users on their toes) over time will be what we look for.

Automatically emails new associates.

Email notifications of completion.

Annual reporting.

Current topics such as California Consumer Privacy Act [CCPA]. With more than 12 months of advanced notice by the legislation, it's disappointing that Proofpoint could not deliver a 15-minute training module and questions to be used as training evidence.

Timely response by account representatives in renewing annual subscriptions.

Provides engaging training assignments.

Answers user questions quickly and effectively.

Provides fresh new content on a regular basis.

Occasional issues in scrolling, depending on the browser.

A slightly wider array of training choices - many topics, but only a few choices per topic.

Training modules are very informative and interactive.

I love their reporting, it makes it easy when management wants reports on who completed them and who hasn't.

The customization on setting up/creating/assigning modules is great.

Threat sim is easy to setup. I love that if people click on a link you can auto-enroll them into a class.

Training videos. I recently saw a demo for Ninjio and I think video training like this would take Proofpoint Security Training to the next level. It would be nice to have video options. I think video options are good and will keep people's attention. Sometimes reading through the training modules and answering questions can get old and it loses people's interest, so I think adding some video options would keep people's attention and they might learn more.

At first, the new reports system seemed a little intimidating, so I used the legacy one for awhile. I recently starting using the newer reporting system and I love it. If they don't have one already a help section or training video on using the report system would be great.

Adding more new training modules. A lot of them seem very similar and I have gotten feedback that people feel like they are doing the same ones over and over again. This is our third year doing it and it is starting to feel a little stale.

Cyber strength risk assessments

Phishing training & re-education

Security awareness training

Billing and invoicing (especially for smaller companies)

Accounts payable

Contract language (especially for smaller companies)

Ability to create a repository of employees with accuracy.

Good customer support.

Many different templates for training.

Rudimentary analysis.

Better visualizations.

Easy to use templates.

Statistical analysis shows the status of security awareness across the company.

N/A